517 matches found
PT-2025-18666 · Totolink · Totolink Ca600-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: The issue is related to a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This allows attackers to execute arbitrary commands via a crafte...
PT-2025-18630
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the btrfs file system. The leak occurs during backref walking at find_parent_nodes, when dealing with a data...
PT-2025-18179 · Unknown · Code-Projects Product Management System
Name of the Vulnerable Software and Affected Versions: code-projects Product Management System version 1.0 Description: A critical issue has been found in the function add item. The manipulation of the argument st.productname leads to a stack-based buffer overflow. This issue can be exploited...
PT-2025-18115 · Unknown · Code-Projects Atm Banking
Name of the Vulnerable Software and Affected Versions: code-projects ATM Banking version 1.0 Description: A critical vulnerability was found in the code-projects ATM Banking software. The issue affects the moneyDeposit/moneyWithdraw function, leading to business logic errors. Local access is...
PT-2025-17237 · Unknown · Prison Management System
Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.65 Description: An issue in Personal Management System allows a remote attacker to obtain sensitive information via the "Travel Ideas" function. Recommendations: For version 1.4.65, consider disabling th...
PT-2025-17212 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue is related to a Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. This allows for potential exploitation. Recommendations: For Tenda AC10 version V4.0si V16.03.10.20, consider...
PT-2025-16380 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue concerns a Buffer Overflow in the AdvSetMacMtuWan function via the mac2 variable. Recommendations: For Tenda AC10 version V4.0si V16.03.10.20, as a temporary workaround, consider...
PT-2025-25405 · Blink · Bl-Wr9000 +7
Name of the Vulnerable Software and Affected Versions: Blink routers BL-WR9000 version 2.4.9 Blink routers BL-AC2100 AZ3 version 1.0.4 Blink routers BL-X10 AC8 version 1.0.5 Blink routers BL-LTE300 version 1.2.3 Blink routers BL-F1200 AT1 version 1.0.0 Blink routers BL-X26 AC8 version 1.2.8 Blink...
PT-2025-20360
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference issue was found in the Linux kernel's cpufreq subsystem, specifically in the apple-soc driver. The apple_soc_cpufreq_get_rate function does not check if cpufre...
PT-2025-18654 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900 version 6.3c.1144 B20190715 Description: The issue is related to a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This allows attackers to execute arbitrary commands via a crafted...
PT-2025-14841 · Unknown · Expand-Object
Name of the Vulnerable Software and Affected Versions: expand-object versions 0.0.0 and later Description: The issue concerns a Prototype Pollution flaw in the expand function located in index.js. This function is used to expand a given string into an object, but it does not check the provided ke...
PT-2025-14583 · Mindspore · Mindspore
Name of the Vulnerable Software and Affected Versions: MindSpore version 2.5.0 Description: A vulnerability was found in MindSpore, affecting the function mindspore.numpy.fft.hfftn. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has...
PT-2025-18664 · Totolink · Totolink Ca600-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: A command injection issue was discovered in the CloudSrvUserdataVersionCheck function through the url parameter. This issue allows attackers to execute arbitrary commands via a...
PT-2025-14562 · Pytorch +1 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0 Description: A problematic vulnerability has been found in PyTorch, affecting the function torch.jit.jit_module_from_flatbuffer. This issue leads to memory corruption and requires local access to exploit. The exploit has...
PT-2025-12768 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress versions up to, and including, 3.3.6.1 Description: The issue allows unauthenticated attackers to extract private post titles of downloads via the edd ajax get...
PT-2025-12052
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version git d4ec6a3 Description: The issue is related to a local file inclusion vulnerability due to the use of the gradio component gr.JSON. This vulnerability allows unauthenticated users to access arbitrary files...
PT-2025-12302 · Pandas +1 · Pandas +1
Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version Description: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function...
PT-2025-10589 · Assimp +2 · Assimp +2
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A critical issue has been found in the Open Asset Import Library Assimp, affecting the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp in the File Handler...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router product from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that originates from the vifdisable function; no details of the vulnerability are provided at this time...
PT-2025-7559 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0u.6369 B20230113 Description: The issue concerns a command injection vulnerability via the vif disable function in mtkwifi.lua. Recommendations: For Totolink X5000R version 9.1.0u.6369 B20230113, as a temporary...